Your message dated Sat, 29 Nov 2025 11:05:44 +0000
with message-id <[email protected]>
and subject line Bug#1105193: fixed in xen 4.20.2+7-g1badcf5035-1
has caused the Debian Bug report #1105193,
regarding xen: CVE-2024-28956: XSA-469: x86: Indirect Target Selection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1105193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105193
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xen
Version: 4.20.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for xen.
CVE-2024-28956[0]:
| x86: Indirect Target Selection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-28956
https://www.cve.org/CVERecord?id=CVE-2024-28956
[1] https://xenbits.xen.org/xsa/advisory-469.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xen
Source-Version: 4.20.2+7-g1badcf5035-1
Done: Maximilian Engelhardt <[email protected]>
We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Maximilian Engelhardt <[email protected]> (supplier of updated xen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 28 Nov 2025 00:14:24 +0100
Source: xen
Architecture: source
Version: 4.20.2+7-g1badcf5035-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <[email protected]>
Changed-By: Maximilian Engelhardt <[email protected]>
Closes: 1105193 1120075
Changes:
xen (4.20.2+7-g1badcf5035-1) unstable; urgency=medium
.
Significant changes:
* Update to new upstream version 4.20.2+7-g1badcf5035, which also contains
security fixes for the following issues:
(Closes: #1105193) (Closes: #1120075)
- x86: Indirect Target Selection
XSA-469 CVE-2024-28956
- x86: Incorrect stubs exception handling for flags recovery
XSA-470 CVE-2025-27465
- x86: Transitive Scheduler Attacks
XSA-471 CVE-2024-36350 CVE-2024-36357
- Multiple vulnerabilities in the Viridian interface
XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143
- Arm issues with page refcounting
XSA-473 CVE-2025-58144 CVE-2025-58145
- x86: Incorrect input sanitisation in Viridian hypercalls
XSA-475 CVE-2025-58147 CVE-2025-58148
- Incorrect removal of permissions on PCI device unplug
XSA-476 CVE-2025-58149
* Note that the following XSA are not listed, because...
- XSA-468 applies to Windows PV drivers
- XSA-474 applies to XAPI which is not included in Debian
.
Packaging minor fixes and improvements:
* debian/salsa-ci.yml: adjust for new salsa-ci pipeline
Checksums-Sha1:
14cb120eabe63c5d06632c8d45383cb4bb605908 4138 xen_4.20.2+7-g1badcf5035-1.dsc
24bd3f07ebb7c56981501afc2375370c5d571222 4953752
xen_4.20.2+7-g1badcf5035.orig.tar.xz
d2001f845a38a5cab51a592fc98e32ab9a04c39d 138860
xen_4.20.2+7-g1badcf5035-1.debian.tar.xz
Checksums-Sha256:
a612f57220cb6f7ecff30386cb20fd9ff21003822d0d44c0ce1b80483d9f5101 4138
xen_4.20.2+7-g1badcf5035-1.dsc
8476bb9e37fd8f7d7a0e465d43767697258120b1362575110a9c377aca026483 4953752
xen_4.20.2+7-g1badcf5035.orig.tar.xz
5578b8ace7f4cf1d4d1a06c69423a07671c25dfbe28f9c5b8c2a673e34e171e1 138860
xen_4.20.2+7-g1badcf5035-1.debian.tar.xz
Files:
ec9f105b92f8fc0a5d1e4441f02252b9 4138 admin optional
xen_4.20.2+7-g1badcf5035-1.dsc
d6ff179cc60c91c5bd2fbf5f04b0012f 4953752 admin optional
xen_4.20.2+7-g1badcf5035.orig.tar.xz
dba9d6f27e92c578018fa5c20d8d1720 138860 admin optional
xen_4.20.2+7-g1badcf5035-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEESWyddwNaG9637koYssHfcmNhX2wFAmkq0HgACgkQssHfcmNh
X2zXAQ/9HgF3QHyCjQmuSCo3hZuq6LrYQ8q2pcOrLA/YliVtBcnjpffyavWnOT5O
aRMaHBkObzfS35sBEnpnZR8joZgzLra8FS58bMQht/qfrM3W4fWzC8CmyEgOfzZF
yDpk2I5lCuZBZyHsO2mbaU3o3GESMa1NFhnlFEsrhUgYScyomE+NRKE35RThVOl4
Gk/v0OdKQ0M6K+8HqhAc8v5XTMrHIiiN+ork4yQpBonPdRM9isKjTAVEFgVn2vme
rjUuJV1QbnIz+yNNxH8jZhsBbKM9vNGAvquDfbN9zzaG8WtlzgnxO3MkN2Zik1JF
qXpTZpIcY2JqGbt8R+U+oNPI/c2pByrISyklTDvkzZ4BZLhZmULWSP/y1Mc2ZaA5
M5mI/QKuxKYfEbB5NQ2+vpAr1dIqvUF0epBoY8MIL7NYSa14xUcURvMsCsTfVN+Y
Q9Ka8Qo/ZaNT9dl4W7G71L+9VX7wEcMd8EtxHWej9NNBa1NPDQgGea8iXVIBIU5b
4WclMIHKizUC2ht9X5pmNJfMn/h8tvcuKzlFDUSAUmT2MK7We1boxjJpf0nL2/d4
eHYtKwbtEAbghZPbfJ9x2eal4X6UvCvsFX1Jv9eCnB0Lu78LGUtdgjD0ynPo69ZN
YhVCVKKUIPItsNXdTZ6qn43Zbphw+TJpuUpuUFgDgobrdxUHEgQ=
=k25y
-----END PGP SIGNATURE-----
pgpSQrkLhDEis.pgp
Description: PGP signature
--- End Message ---
